Threat Intelligence & Attribution Best Practices: Attribution Analysis


Overview/Description
Expected Duration
Lesson Objectives
Course Number
Expertise Level


Overview/Description

Cyber attribution analysis is used to track, identify, and incriminate perpetrators of cyber attacks or exploits and is a must-know offensive security operations technique. In this course, you'll learn about the fundamental concepts and critical concerns related to attribution.

You'll start by examining the different attribution types and levels before exploring attribution indicators, techniques, best practices, tools, and challenges.

Moving on, you'll gain insight into how to identify and interpret forensic artifacts gathered from various sources, manage evidence, and make attribution judgments and assessments. You'll then study geopolitics, the Intelligence Community, and legal considerations as they relate to cyber threats and attribution. Lastly, you'll look into how malware cyber threat reverse engineering, code sharing analysis, and network behavior analysis lead to attribution.



Expected Duration (hours)
1.4

Lesson Objectives

Threat Intelligence & Attribution Best Practices: Attribution Analysis

  • discover the key concepts covered in this course
  • summarize what is meant by attribution analysis and describe how it can relate to threat intelligence
  • differentiation between attribution types such as machine, human, and adversary
  • describe the different levels of attribution, including cyberweapon, country or city, and person or organization
  • list techniques and tools used by cybercrime investigators for performing cyber attribution
  • list common challenges related to cyber attribution
  • list key indicators that enable attribution
  • outline best practices for determining attribution
  • outline best practices for presenting attribution analysis
  • describe how attribution judgments are made
  • recognize the importance of identifying and preserving forensic artifacts and list common errors when dealing with digital evidence
  • outline how to manage digital evidence properly
  • describe how attribution analysis can affect geopolitical dynamics
  • identify national-level partners in the Intelligence Community that can assist with attribution
  • summarize what is meant by malware cyber threats and interpret how reverse engineering malware can lead to attribution
  • recognize different code sharing analysis techniques that lead to attribution
  • describe network behavior analysis techniques that lead to attribution
  • recognize legal implications related to cyber threats and attribution
  • define indirect attribution and interrelate it to machine learning, social networks, and political ideologies
  • summarize the key concepts covered in this course

    • Course Number:
    it_cytibpdj_02_enus

    Expertise Level
    Intermediate